CVE-2023-6942

Published Jan 30, 2024

Last updated 3 months ago

CVSS high 7.5

Overview

Description: Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E to 2.102G, MT Works2 versions 1.190Y and prior, MX Component versions 4.00A to 5.007H and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
Source: Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp: CWE-306

Hype score: Not currently trending

Actively exploited CVE : CVE-2023-6942
@transilienceai
12 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:ezsocket:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6096E48-9ECD-48FF-9F5E-D182E42D41C9",
            "versionStartIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:fr_configurator2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CED78B28-BBBF-4869-BC1C-F0789867FB4C"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:got1000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C31EFBDE-DE71-46F3-97A1-CABC037FC31D"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:got2000:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D887323-BBDD-41ED-82B8-66DE412666F5"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:gx_works2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B73766EB-FF3E-495E-B1C1-5D49A1569696",
            "versionStartIncluding": "1.11m"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:gx_works3:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4AEDEEE-5070-41E2-B4DC-6DE8456BC028"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:mc_works64:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5790F2E-5511-46F6-94E5-F3E1A2367662"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:melsoft_navigator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F3C096D-D510-46F4-B46A-A234CA630227",
            "versionStartIncluding": "1.04e"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:mt_works2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EC0ACF4-C303-4EC0-A755-1F9AE4152DDB"
          },
          {
            "criteria": "cpe:2.3:a:mitsubishielectric:mx_component:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "407781DB-9AF9-4E3A-BF24-1787ADB33F42",
            "versionStartIncluding": "4.00a"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References